Everyone can see that a document exists in Enterprise, but you can use document sensitivities to control who is able to view and/or edit documents. The available sensitivity levels are Enterprise defined, and you cannot add, edit or delete them. The available document sensitives, from the least restrictive to the most restrictive, are:
- Public - Both internal and external users can view the document.
- External - External users can view the document. Public users cannot.
- Privileged - Only Enterprise users with proper access privileges can view, edit and/or delete the document.
- Internal - Internal Enterprise users can view the document.
- Confidential - Only Enterprise users with proper access privileges can view, edit and/or delete the document.
To assign a document sensitivity to a new document:
- Select the Details tab on the Add Document screen.
- Select the sensitivity level from the Sensitivity drop-down.
- Click OK.
To assign document sensitivities to existing documents:
- Right-click on the document.
- Select View -> Properties. The Document Properties screen opens.
- Select the Details tab.
- Select the sensitivity level from the Sensitivity drop-down.
- Click OK.
Restrict Access with Access Privileges
You can use the Allow Edit/Add of Documents by Sensitivity access privilege to restrict your internal Enterprise roles/users from viewing and editing documents based on the sensitivity of the document. The access privileges allows you to control access up to a certain sensitivity level. For example, if a role/user has access to Privileged documents, the role/user can add and edit public, external and privileged documents. If a role/user only has access to Public documents, then the role/user can only add and edit documents assigned to the Public sensitivity.
If no roles/users are assigned to the access privilege, it is considered inactive and all roles/users have access to add and edit all documents. Once you assign access to a role/user, any role/user not assigned to the privilege is unable to add and edit any document.
To assign users/roles to the privilege:
- Click the Access Privileges link from the Main Menu. The Access Privileges screen opens.
- Use the Description field to find the Allow Edit/Add of Documents By Sensitivity access privilege.
- Select the Allow Edit/Add of Documents By Sensitivity access privilege.
- Right-click and select Edit. The Edit Access Privilege screen opens.
- Click the Manage button in the Access Privilege Details tab. The Assign Access Privileges screen opens.
- Select the users/roles from the Available section on the left. Use Ctrl+Click or Shift+Click to select multiple users/roles.
- Click the right arrow button to move the users/roles to the Selected section on the right. Clicking the double right arrow button moves all users/roles to the Selected section.
- Click Save. You return to the Edit Access Privilege screen.
- Right-click on the user/role from the Access Privilege Details tab.
- Select Assign Details. The Assign Details screen opens.
- Select the document types the user/role has access to from the Available section on the left. Use Ctrl+Click or Shift+Click to select multiple document types.
- Click the right arrow button to move the document types to the Selected section on the right. Clicking the double right arrow button moves all document types to the Selected section.
- In the Selected section, click the drop-down arrow in the Sensitivity field.
- Select the sensitivity level the user/role can access for each document type.
- Click Save. You return to the Edit Access Privilege screen.
- Click OK.
You can use the Deletion of Document By Sensitivity access privilege to restrict your internal Enterprise users from deleting documents. This access privilege works the same as the Allow Edit/Add of Documents By Sensitivity access privilege.
Comments
11 comments
Is it possible to change the default level of document sensitivity?
0 upvotes
Martin,
The default, in the code, is that Internal is the default setting. However, you may be able to make the changes you wish by looking at the Access Privileges (Allow Edit/Add/Delete Documents by Sensitivity).
--Carrie
0 upvotes
I have found that users cannot even view documents without the Access Privilege (Allow Edit/Add of Document By Sensitivity); can you confirm?
0 upvotes
Alex - because the privilege is an implicit privilege, if you have one user assigned to this privilege, it "activates" it, and all users or roles will need to be in place to view and add documents. If you would like to open it up so that all users can view and add documents to all sensitivities, you would need to remove all users from that access privilege. Here is the wording directly from the window:
This access privilege controls whether or not users can edit or add documents and if so, up to what sensitivity level they can affect. If no users at all are assigned to this privilege, it is considered disabled and all users have complete access to edit or add any document of any level. If a user is attached to this privilege but is assigned a level of zero, it is the same as if the user was not assigned to the privilege.
0 upvotes
Thanks Katie but my question was whether a user can simply view documents without having the Allow Edit/Add of Document By Sensitivity access privilege. It seems strange that you cannot give a user permission to view a document without having to also give them the permission to edit it.
0 upvotes
Alex - It is possible to provide View Only access to documents per role. This is considered an Access Restriction. To set this, Edit the role in which you would like to restrict Edit Document access. On the Action Restrictions tab, click Add. In the Subject, choose Documents. In Action, choose the following: Edit, Edit (v19), Edit Document, Edit Document (v19), Edit Multiple.
0 upvotes
Thanks Katie. Exactly what I needed.
0 upvotes
Hello,
I'm trying to set a sensitivity level that only one department will be able to see. within the Allow/add of Documents by Sensitivity I can assign details as to which type of documents, but I don't see how I can assign users to a specific level of document sensitivity.
I see that there is a column called Level, but when I show the column nothing actually appears.
End goal is I would like to set a list of people who have access to document sensitivity level Confidential (9)
Thank you, I appreciate any comments here :)
0 upvotes
Hi Kayla,
According to your screen shot, you have your roles on the privilege. Therefore, you will be able to adjust the sensitivity level of the users on the Role. Once the Role has been assigned to the privilege, on the Access Privileges Details tab, locate the role and right click. Click Assign Details. The Assign Details window will open and the Role will display on the Selected side.
This is the second level of security within this Access Privilege. Here is where you can adjust what sensitivity level the users on this role have access to. By default, you are setting the sensitivity level to 'Access to All Details (*ALL)' meaning documents entirely. You can, however, locate on the Available list the specific documents area and move it to the selected side and change the sensitivity level for that area to even further customize the document sensitivity settings.
Moving the role on to the privilege, automatically sets the sensitivity to confidential. You would have to 'Assign Details' in order change the sensitivity.
Are all of the members in this department assigned to the same role? Also, would you like your users who are apart of other roles to be able to edit/add documents of a lower sensitivity?
Kaitlyn Batliner
Ungerboeck Consultant
0 upvotes
Thanks Kaitlyn, I understand now.
Actually all the users involved are on the same role, but other departments are also on that role who shouldn't see this document. I suppose I'll change the access privilege from role to specific users and control the access through the assign details options.
Is there a way to add a sensitivity type? The standard: Public (1), External (3), Privileged (5), and Confidential (9) - is there a place to add/customize these labels?
0 upvotes
Hi Kayla,
It is best practice to manage Roles on and off privileges, but you can do a combination of users and roles. Therefore, you can break out this single role into the users on the privilege and then customize where as your other roles may have a unified document sensitivity and for those, you are ok to move their role over and set the sensitivity rather than manually managing every single user in your database.
Keep in mind, this is an implicit access privilege. Therefore, if you never had any users or roles on this access privilege, everyone had access. As soon as you move over any users or rules, the privilege now acts like an explicit privilege where only those assigned have the privilege. I would make sure to take that in consideration when assigning so if any users or roles need ability to add/edit, even if it is a lower sensitivity, they have the appropriate security level set.
Also, if users have multiple roles, access privileges are least restrictive.
Lastly, the Document sensitivities are standard and not customizable. Confidential is the most restricted where Public is the least.
Hope this helps! If you have any issues and need further assistance, please feel free to reach out and schedule dedicated time with one of our consultants to work through this with you.
Kaitlyn Batliner
Ungerboeck Consultant
0 upvotes
Please sign in to leave a comment.